Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.

Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.

Windows 10 Update Assistant Elevation of Privilege Vulnerability

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

Microsoft Windows Update Client Elevation of Privilege Vulnerability

Windows Update Stack Setup Elevation of Privilege Vulnerability

The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Versions 5.2.1 of Duo Authentication Proxy installer addresses this issue.

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.

An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed.

An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.

<p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations.</p>

Microsoft Windows Defender Elevation of Privilege Vulnerability

<p>An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and overwrite or delete files.</p> <p>The security update addresses the vulnerability by correcting how Windows handles reparse points.</p>

Windows Fax Service Elevation of Privilege Vulnerability

Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.

A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'.

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again. The update addresses the vulnerability and blocks the arbitrary deletion.

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.

Windows Print Spooler Elevation of Privilege Vulnerability

NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

Windows Cleanup Manager Elevation of Privilege Vulnerability

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

Microsoft Office Elevation of Privilege Vulnerability

Windows User Profile Service Elevation of Privilege Vulnerability

Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.

Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.

Windows Group Policy Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)